[PATCH] m32r: security fix of {get,put}_user macros

Update {get,put}_user macros for m32r kernel. - Modify get_user to use __get_user_asm macro, instead of __get_user_x macro. - Remove arch/m32r/lib/{get,put}user.S. - Some cosmetic updates. I would like to thank NIIBE Yutaka for his reporting about the m32r kernel's security problem in {get,put}_user macros. There were no address checking for user space access in {get,put}_user macros. ;-) Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Cc: NIIBE Yutaka <gniibe@fsij.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Hirokazu Takata <takata@linux-m32r.org> 2006-04-11 01:53:20 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-04-11 09:18:34 -0400
commit: 04dfd0de4ec04aaf7d9d42439c972c642a15a75c (patch)
tree: 26f093671aee900dadc7458f774eb9eb9e209b78 /arch/m32r/lib
parent: 7c1c4e541888947947bc46a18a9a5543a259ed62 (diff)
3 files changed, 2 insertions, 174 deletions
diff --git a/arch/m32r/lib/Makefile b/arch/m32r/lib/Makefile
index e632d10c7d78..d16b4e40d1ae 100644
--- a/arch/m32r/lib/Makefile
+++ b/arch/m32r/lib/Makefile
@@ -2,6 +2,6 @@
 # Makefile for M32R-specific library files..
 #
-lib-y  := checksum.o ashxdi3.o memset.o memcpy.o getuser.o \
+lib-y  := checksum.o ashxdi3.o memset.o memcpy.o \
-          putuser.o delay.o strlen.o usercopy.o csum_partial_copy.o
+          delay.o strlen.o usercopy.o csum_partial_copy.o
diff --git a/arch/m32r/lib/getuser.S b/arch/m32r/lib/getuser.S
deleted file mode 100644
index 58a0db055c5c..000000000000
--- a/arch/m32r/lib/getuser.S
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * __get_user functions.
- *
- * (C) Copyright 2001 Hirokazu Takata
- *
- * These functions have a non-standard call interface
- * to make them more efficient, especially as they
- * return an error value in addition to the "real"
- * return value.
- */
-#include <linux/config.h>
-/*
- * __get_user_X
- *
- * Inputs:      r0 contains the address
- *
- * Outputs:     r0 is error code (0 or -EFAULT)
- *              r1 contains zero-extended value
- *
- * These functions should not modify any other registers,
- * as they get called from within inline assembly.
- */
-#ifdef CONFIG_ISA_DUAL_ISSUE
-        .text
-        .balign 4
-        .globl __get_user_1
-__get_user_1:
-1:      ldub    r1, @r0             ||  ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __get_user_2
-__get_user_2:
-2:      lduh    r1, @r0             ||  ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __get_user_4
-__get_user_4:
-3:      ld      r1, @r0             ||  ldi     r0, #0
-        jmp     r14
-bad_get_user:
-        ldi     r1, #0              ||  ldi     r0, #-14
-        jmp     r14
-#else /* not CONFIG_ISA_DUAL_ISSUE */
-        .text
-        .balign 4
-        .globl __get_user_1
-__get_user_1:
-1:      ldub    r1, @r0
-        ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __get_user_2
-__get_user_2:
-2:      lduh    r1, @r0
-        ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __get_user_4
-__get_user_4:
-3:      ld      r1, @r0
-        ldi     r0, #0
-        jmp     r14
-bad_get_user:
-        ldi     r1, #0
-        ldi     r0, #-14
-        jmp     r14
-#endif /* not CONFIG_ISA_DUAL_ISSUE */
-.section __ex_table,"a"
-        .long 1b,bad_get_user
-        .long 2b,bad_get_user
-        .long 3b,bad_get_user
-.previous
-        .end
diff --git a/arch/m32r/lib/putuser.S b/arch/m32r/lib/putuser.S
deleted file mode 100644
index 218154cc3890..000000000000
--- a/arch/m32r/lib/putuser.S
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * __put_user functions.
- *
- * (C) Copyright 1998 Linus Torvalds
- * (C) Copyright 2001 Hirokazu Takata
- *
- * These functions have a non-standard call interface
- * to make them more efficient.
- */
-#include <linux/config.h>
-/*
- * __put_user_X
- *
- * Inputs:      r0 contains the address
- *              r1 contains the value
- *
- * Outputs:     r0 is error code (0 or -EFAULT)
- *              r1 is corrupted (will contain "current_task").
- *
- * These functions should not modify any other registers,
- * as they get called from within inline assembly.
- */
-#ifdef CONFIG_ISA_DUAL_ISSUE
-        .text
-        .balign 4
-        .globl __put_user_1
-__put_user_1:
-1:      stb     r1, @r0             ||  ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __put_user_2
-__put_user_2:
-2:      sth     r1, @r0             ||  ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __put_user_4
-__put_user_4:
-3:      st      r1, @r0             ||  ldi     r0, #0
-        jmp     r14
-bad_put_user:
-        ldi     r0, #-14            ||  jmp     r14
-#else /* not CONFIG_ISA_DUAL_ISSUE */
-        .text
-        .balign 4
-        .globl __put_user_1
-__put_user_1:
-1:      stb     r1, @r0
-        ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __put_user_2
-__put_user_2:
-2:      sth     r1, @r0
-        ldi     r0, #0
-        jmp     r14
-        .balign 4
-        .globl __put_user_4
-__put_user_4:
-3:      st      r1, @r0
-        ldi     r0, #0
-        jmp     r14
-bad_put_user:
-        ldi     r0, #-14
-        jmp     r14
-#endif /* not CONFIG_ISA_DUAL_ISSUE */
-.section __ex_table,"a"
-        .long 1b,bad_put_user
-        .long 2b,bad_put_user
-        .long 3b,bad_put_user
-.previous
author	Hirokazu Takata <takata@linux-m32r.org>	2006-04-11 01:53:20 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-04-11 09:18:34 -0400
commit	04dfd0de4ec04aaf7d9d42439c972c642a15a75c (patch)
tree	26f093671aee900dadc7458f774eb9eb9e209b78 /arch/m32r/lib
parent	7c1c4e541888947947bc46a18a9a5543a259ed62 (diff)

diff --git a/arch/m32r/lib/Makefile b/arch/m32r/lib/Makefile index e632d10c7d78..d16b4e40d1ae 100644 --- a/arch/m32r/lib/Makefile +++ b/arch/m32r/lib/Makefile
@@ -2,6 +2,6 @@
2	# Makefile for M32R-specific library files..	2	# Makefile for M32R-specific library files..
3	#	3	#
4		4
5	lib-y := checksum.o ashxdi3.o memset.o memcpy.o getuser.o \	5	lib-y := checksum.o ashxdi3.o memset.o memcpy.o \
6	putuser.o delay.o strlen.o usercopy.o csum_partial_copy.o	6	delay.o strlen.o usercopy.o csum_partial_copy.o
7		7


diff --git a/arch/m32r/lib/getuser.S b/arch/m32r/lib/getuser.S deleted file mode 100644 index 58a0db055c5c..000000000000 --- a/arch/m32r/lib/getuser.S +++ /dev/null
@@ -1,88 +0,0 @@
1	/*
2	* __get_user functions.
3	*
4	* (C) Copyright 2001 Hirokazu Takata
5	*
6	* These functions have a non-standard call interface
7	* to make them more efficient, especially as they
8	* return an error value in addition to the "real"
9	* return value.
10	*/
11
12	#include <linux/config.h>
13
14	/*
15	* __get_user_X
16	*
17	* Inputs: r0 contains the address
18	*
19	* Outputs: r0 is error code (0 or -EFAULT)
20	* r1 contains zero-extended value
21	*
22	* These functions should not modify any other registers,
23	* as they get called from within inline assembly.
24	*/
25
26	#ifdef CONFIG_ISA_DUAL_ISSUE
27
28	.text
29	.balign 4
30	.globl __get_user_1
31	__get_user_1:
32	1: ldub r1, @r0 \|\| ldi r0, #0
33	jmp r14
34
35	.balign 4
36	.globl __get_user_2
37	__get_user_2:
38	2: lduh r1, @r0 \|\| ldi r0, #0
39	jmp r14
40
41	.balign 4
42	.globl __get_user_4
43	__get_user_4:
44	3: ld r1, @r0 \|\| ldi r0, #0
45	jmp r14
46
47	bad_get_user:
48	ldi r1, #0 \|\| ldi r0, #-14
49	jmp r14
50
51	#else /* not CONFIG_ISA_DUAL_ISSUE */
52
53	.text
54	.balign 4
55	.globl __get_user_1
56	__get_user_1:
57	1: ldub r1, @r0
58	ldi r0, #0
59	jmp r14
60
61	.balign 4
62	.globl __get_user_2
63	__get_user_2:
64	2: lduh r1, @r0
65	ldi r0, #0
66	jmp r14
67
68	.balign 4
69	.globl __get_user_4
70	__get_user_4:
71	3: ld r1, @r0
72	ldi r0, #0
73	jmp r14
74
75	bad_get_user:
76	ldi r1, #0
77	ldi r0, #-14
78	jmp r14
79
80	#endif /* not CONFIG_ISA_DUAL_ISSUE */
81
82	.section __ex_table,"a"
83	.long 1b,bad_get_user
84	.long 2b,bad_get_user
85	.long 3b,bad_get_user
86	.previous
87
88	.end


diff --git a/arch/m32r/lib/putuser.S b/arch/m32r/lib/putuser.S deleted file mode 100644 index 218154cc3890..000000000000 --- a/arch/m32r/lib/putuser.S +++ /dev/null
@@ -1,84 +0,0 @@
1	/*
2	* __put_user functions.
3	*
4	* (C) Copyright 1998 Linus Torvalds
5	* (C) Copyright 2001 Hirokazu Takata
6	*
7	* These functions have a non-standard call interface
8	* to make them more efficient.
9	*/
10
11	#include <linux/config.h>
12
13	/*
14	* __put_user_X
15	*
16	* Inputs: r0 contains the address
17	* r1 contains the value
18	*
19	* Outputs: r0 is error code (0 or -EFAULT)
20	* r1 is corrupted (will contain "current_task").
21	*
22	* These functions should not modify any other registers,
23	* as they get called from within inline assembly.
24	*/
25
26	#ifdef CONFIG_ISA_DUAL_ISSUE
27
28	.text
29	.balign 4
30	.globl __put_user_1
31	__put_user_1:
32	1: stb r1, @r0 \|\| ldi r0, #0
33	jmp r14
34
35	.balign 4
36	.globl __put_user_2
37	__put_user_2:
38	2: sth r1, @r0 \|\| ldi r0, #0
39	jmp r14
40
41	.balign 4
42	.globl __put_user_4
43	__put_user_4:
44	3: st r1, @r0 \|\| ldi r0, #0
45	jmp r14
46
47	bad_put_user:
48	ldi r0, #-14 \|\| jmp r14
49
50	#else /* not CONFIG_ISA_DUAL_ISSUE */
51
52	.text
53	.balign 4
54	.globl __put_user_1
55	__put_user_1:
56	1: stb r1, @r0
57	ldi r0, #0
58	jmp r14
59
60	.balign 4
61	.globl __put_user_2
62	__put_user_2:
63	2: sth r1, @r0
64	ldi r0, #0
65	jmp r14
66
67	.balign 4
68	.globl __put_user_4
69	__put_user_4:
70	3: st r1, @r0
71	ldi r0, #0
72	jmp r14
73
74	bad_put_user:
75	ldi r0, #-14
76	jmp r14
77
78	#endif /* not CONFIG_ISA_DUAL_ISSUE */
79
80	.section __ex_table,"a"
81	.long 1b,bad_put_user
82	.long 2b,bad_put_user
83	.long 3b,bad_put_user
84	.previous